This topic provides information regarding the collection, storage, and retention of logs by the Citrix Secure Private Access service. Any capitalized terms not defined in the Definitions sections carry the meaning specified in the Citrix End User Services Agreement.
The Citrix Secure Private Access Service Customer Content data reside in the Amazon Web Services East region, and they are replicated to the following Azure regions for availability and redundancy:
- East US
- West US
- Brazil South
- Southeast Asia
- North Europe
- West Europe
- Australia East
- South India
The following are the different destinations for the service configuration and runtime logs.
- Splunk service for system monitoring and debug logs, in the US location only.
- Citrix Analytics Service for the diagnostics and user access logs. See Citrix Analytics Service Data Governance for more information.
- Citrix Application Delivery Management Service for the aggregated user access logs. See Citrix ADM Data Governance for more information.
- Citrix Cloud System Logs Service for admin audit logs. See the link below.
For general information on Citrix Cloud Services, see Citrix Cloud Services Customer Content and Log Handling and Geographical Considerations.
Citrix Secure Private Access Service allows the customer administrators to configure the service through the Admin UI, and the companion Connector Appliances through the console. The Customer Content collected are:
For Secure Private Access Service
- Customer private and SaaS applications
- FQDNs and URLs for web apps or both
- IP addresses/ranges, ports, and protocols
- The associated resource locations
- Single Sign-On parameters for Web and SaaS apps
- User identifiers for app entitlements
- Conditions for Adaptive Access policies
  - User identity
  - User/device geo location
  - User/device network location, through Citrix Cloud network location configuration. For details, see Optimize connectivity to workspaces with Direct Workload Connection.
  - User risk score
  - Device type
For Connector Appliance Platform, see Connector Appliance for Cloud Services related to Secure Private Access.
- IP addresses or FQDNs
- Users, devices, and resource location identifiers
- Internal proxy configuration
For runtime logs collected by the service components, the key information consists of the following:
- User name
- User Object ID
- User email address
- User UPN
- User group memberships
- Client IP address and port
- Destination FQDN/address and port
- Client User-Agent
- Application name
- Application URL path
- Application access time and duration
- Request byte count
- Response byte count
- Web Filtering decision for unsanctioned applications
- HTTP transaction ID
For the comprehensive list of data sent to Citrix Analytics Service, see Citrix Analytics Service Data Governance.
Citrix Secure Private Access sends logs to destinations protected by transport layer security.
Citrix Secure Private Access service does not currently provide options for the customer to turn off sending logs or to prevent Customer Content from being replicated globally.
Based on the Citrix Cloud data retention policy, the customer configuration data are purged from the service 90 days after the subscription has expired.
The log destinations maintain their service-specific data retention policy.
- For the retention policy for the Analytics logs, see Data Governance.
- For the events stored in Citrix Application Delivery Management, see Data governance.
- The Splunk logs are archived and eventually removed after 90 days.
There are different data export options for different types of logs.
- The admin audit logs are accessible from the Citrix Cloud System Log console.
- The Secure Private Access Service diagnostics logs can be exported from the Citrix Analytics Service as a CSV file.
- The Splunk logs are not for customers to consume. These events can also be exported from Splunk as a CSV file.
- Customer Content means any data uploaded to a customer account for storage or data in a customer environment to which Citrix is provided access to perform Services.
- Log means a record of events related to the services, including records that measure performance, stability, usage, security, and support.
- Services means the Citrix Cloud services outlined earlier for the purposes of Citrix Analytics.